Blog Posts Tagged with "Infosec"

Folks who are just coming into infosec often ask me for a few ways to engage with the infosec community and begin to build relationships. Here are a few quick words of advice that I give them for making that happen. BUT, you have to work to earn respect and rapport in this community and contribute. You must add value...

These days, I am very, very afraid for the future of CISOs. Over the past few years, and specifically the past 12 months, I have become increasingly alarmed at the level of “groupthink” and “synchronized nodding” going on with security executives. Here are some of the things I am seeing...

Question: “I really want to know what advice the Experts would give to someone looking to get into the information security business. What should they do to get up to speed and what should they do to participate in the infosec community?”...

Marketing and sales professionals will, inevitably, require cloud-based collaboration processes or they face a potential competitive disadvantage. Therefore, IT executives are best served by investigating the rate at which their employees are using unsanctioned tools that facilitate potential breaches...

"Our team is extremely pleased with the high caliber, diversity and expertise of the confirmed speakers we have secured for this event. Having such a dynamic lineup of highly respected industry professionals to share their knowledge and inspire those seeking employment..."

I recently wrote a piece for the BBC in which I tried to explain why steganography (as opposed to cryptography) posed a threat. Or at least it might. The trouble is we don't really know, and the default position has been to assume that because we haven't discovered it being used en masse the threat is negligible...

Wireshark – Sharking the wires is one of my favorite things to do. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need...

Anything to do with Cyber equates to a lot of money. One estimate for CY 2012 was $13 Billion being budgeted for cybersecurity just for the US government. One study I read predicted we would need to increase spending by up to 1,800 percent. That, ladies and gentlemen, is a big chunk of change...

By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...

It’s interesting to me that as a security industry (a subset of the larger computer industry), we talk at our conferences about how stress and burnout come from always being on the front line, feeling isolated, unable to relax; and we draw parallels to how strange our industry is in this way...

And as much as you might not care, if President Obama signs an Executive Order on cybersecurity, it will set the de facto standards that we all must live with. You’ll share the data and you’ll have to live with the standards...

While ours is a friendly community, I did observe my share of bad behavior from a small minority in our community. So here is my short list of ways you can avoid being a (jerk term) at a con. If we all were to follow even these 4 simple rules the infosec world would be a better place...

As always happens in a multi-track con, I was unable to attend every talk, so don't take offense if you spoke and your talk isn't listed here. I received many good reports from my students who attended different talks. None of my students complained about any bad talks...

The cyberwar is upon us and we had best start taking it seriously because people in power are making plans, and like biological warfare, it seems perhaps there could be unforeseen circumstances that could trigger bigger and worse things. Plan accordingly and think a bit more cogently...

From giant industry events, analyst events, regional events, hacker cons, to any kind of gathering you can think of including conferences on boats, trains, and buses. At any given time, you can find a security conference happening. What is it about the industry that loves an event?

A disturbing trend in security conferences is meta-talks that have nothing to do with pwning stuff. Burnout, sexism, career advice, economics, recruiting, food, exercise and other presentations on what's wrong with the security industry, are replacing actual knowledge transfer...